How we may share personal data
For the purposes and based on the legal bases described under the section “For which purposes and on basis of which legal bases we collect personal data” above, Establishment Labs may need to disclose and transfer personal data as detailed in this section.
When required to achieve the above purposes, Establishment Labs may share personal data:
- with your prior (explicit) consent or as you may direct;
- between ESTA and EDC, acting as joint controllers (if applicable);
- with affiliated companies of Establishment Labs, primarily for business and operational purposes (a list of Establishment Labs’ affiliated companies is available at HTTPS://ESTABLISHMENTLABS.COM/;
- with our insurance providers, who shall protect your information with the same care and only use your personal data as processors on our behalf and in accordance with our instructions;
- with our service providers [that provide web-related, data storage, advertising, or analytics services to us so that we can administer web servers and store information on a secure database or on back-up disks], who shall protect your information and only use your personal data as processors on our behalf and in accordance with our instructions;
- when required by law or by the courts or other law enforcement authorities or judiciary authorities of the countries where we have operations.
The above recipients may be located in Costa Rica, Belgium, USA, Brazil, UK, Sweden, Denmark, or Norway, which include countries outside the EEA that are not recognized as providing an adequate level of protection. In any case, we will only transfer personal data to recipients that provide an adequate level of data protection or as permitted by data protection laws by implementing appropriate safeguards, including relevant data transfer agreements based on the EU Commission Standard Contractual Clauses for the transfer of data to third countries (Article 46, 2., (c) of the GDPR as of 25 May 2018. A copy of these appropriate safeguards may be obtained from **PRIVACY@ESTABLISHMENTLABS.COM** (see further contact details in the Section “How to contact us” below).
Only a limited number of individuals within Establishment Labs will be granted access to personal data about you on a need-to-know basis.
Personal data about other individuals
We are committed to ensuring that your personal data is secure. In order to prevent accidental or unlawful destruction or accidental loss, misuse, unauthorized access, disclosure, alteration, or destruction, and against any other unlawful form of processing of personal data as defined by applicable data protection laws, we have put in place – and required that any third-party services providers and/or processors processing personal data on our behalf and under our instructions put in place – appropriate technical and organizational measures to safeguard and secure the personal data we collect and process online or otherwise in the context of your use of this website. Both EDC and ESTA (if you are located in the EU) are responsible for implementing and maintaining such security measures to protect personal data stored on their respective servers, platforms, and systems.
However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect personal data about you, we cannot guarantee that loss, misuse, or alteration of data will never occur.
Links to other websites
This website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and refer to the privacy statement applicable to the website in question.
How long we may keep personal data
Your personal data will not be kept for longer than necessary for the purposes identified herein, or as required to comply with our obligations under applicable law or for the establishment, exercise, or defense of legal claims, which can, in principle, be up to 10 years after the end of your contractual relationship with Establishment Labs (if any), unless shorter or longer retention periods apply under applicable law.
What are your rights?
Right of access: you have the right to obtain confirmation as to whether or not your personal data is processed, and, if so, to request access to such personal data as well as other information about such processing that are also contained in this policy.
Right to rectification: you have the right to have inaccurate personal data about yourself rectified or completed if it is incomplete.
Right to erasure (‘right to be forgotten’): you have the right to request that we erase your personal data.
Right to restriction of processing: you have the right to request from us that we limit the way we use your personal data.
Right to data portability: you have the right to receive the personal data you provided, in a structured, commonly used, and machine-readable form and to transmit that data to another controller or to have it transmitted directly from us to another controller.
Right to object: you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data and we may have to stop processing your data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You have the right to object, at any time, to the processing of your personal for direct marketing purposes.
How to contact us
What are cookies?
Cookies are files or pieces of information that may be stored on your computer (or other internet–enabled devices, such as a smartphone or tablet) when you visit this website. A cookie will usually contain the name of the website from which the cookie has come from, the “lifetime” of the cookie (i.e. how long the cookie will remain on your device), and a value, which is usually a randomly generated unique number.
Two types of cookies may be used: “session cookies” and “persistent cookies”. Session cookies are automatically deleted at the end of your browsing session. Persistent cookies remain longer on your device, for the duration of each specific cookie, and will remain valid until its set expiry date (unless deleted by the user before the expiry date).
Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website. Cookies do not contain any information that personally identifies you, [but personal information that we store about you may be linked to the information stored in and obtained from cookies].
Many cookies on this website perform essential functions or services you have requested or are used for security purposes, as further described in the section below.
What types of cookies does this website use?
The table below summarises the different types of cookies we use on this website, together with their respective purposes and duration.